in

Generate and sign TSL certificates with ease


Manage certificates with ease.

Download

wget -O certctl https://github.com/chenzhiwei/certctl/releases/latest/download/certctl
chmod +x certctl
./certctl version
sudo mv certctl /usr/local/bin/

Generate CA or Self-signed certificate

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/CN=Any Root" 
    --key ca.key --cert ca.crt --days 36500 --size 4096

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/CN=anycorp.com" 
    --san *.anycorp.com,localhost,127.0.0.1 
    --key anycorp.com.key --cert anycorp.com.crt --days 365 --size 4096

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/CN=anycorp.com" 
    --san *.anycorp.com,localhost,127.0.0.1 
    --key anycorp.com.key --cert anycorp.com.crt --days 365 --size 4096 
    --usage digitalSignature,keyEncipherment 
    --extusage serverAuth,clientAuth,emailProtection

certctl help generate

A full list a key usages are:

  • digitalSignature
  • contentCommitment
  • keyEncipherment
  • dataEncipherment
  • keyAgreement
  • keyCertSign
  • cRLSign
  • encipherOnly
  • decipherOnly

A full list of extended key usages are:

  • any
  • serverAuth
  • clientAuth
  • codeSigning
  • emailProtection
  • IPSECEndSystem
  • IPSECTunnel
  • IPSECUser
  • timeStamping
  • OCSPSigning
  • netscapeServerGatedCrypto
  • microsoftServerGatedCrypto
  • microsoftCommercialCodeSigning
  • microsoftKernelCodeSigning

Sign certificate with CA

certctl sign --ca-key ca.key --ca-cert ca.crt --subject "CN=my.anycorp.com" 
    --san www.my.anycorp.com,localhost,127.0.0.1 
    --key my.anycorp.com.key --cert my.anycorp.com.crt

certctl sign --ca-key ca.key --ca-cert ca.crt --is-ca 
    --subject "CN=my.anycorp.com" 
    --key my.anycorp.com.key --cert my.anycorp.com.crt 
    --usage digitalSignature,keyEncipherment,keyCertSign 
    --extusage serverAuth,codeSigning

certctl help sign

Show certificate/csr from file

certctl show cert-filepath.crt
certctl show csr-filepath.csr

GitHub

https://github.com/chenzhiwei/certctl




Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GIPHY App Key not set. Please check settings

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company

Open-Source Frontend for Emulators “RetroArch” Now Available on Steam for Windows and Linux Users